
Insider and the GDPR

At Insider, we take privacy seriously. With the European Union’s General Data Protection Regulation (GDPR) in effect from May 25, 2018, we have taken several technical and organizational measures to comply with the regulation.

What is GDPR?

The General Data Protection Regulation is a codification of privacy and data protection regulations whose aim is to provide more consistent guidance on privacy and data protection with respect to the personal data of European Union citizens. In sum, it has replaced the previous EU privacy directive, which was outdated, while also introducing some interesting changes to the privacy and data protection regime. GDPR applies to any company handling personal data of EU subjects, even if the company is headquartered outside of the EU.

Our commitment

Insider has a Security, Privacy and Compliance committee with data protection specialists, legal consultants and security experts that prepared our company and our products for GDPR and continues to constantly reassess our standards. The team also includes executive members, such as our co-founders, who are fully committed to improving transparency and trust to obtain acceptance and agreement from our entire company.

What has Insider done to comply with GDPR?

The table below details our actions across the organization to comply with this new regulation.

GDPR Reference

Summary

Actions taken by Insider for Compliance

Data Protection Principles (Article 5)

Lawfulness, Fairness and Transparency

As a data processor, Insider commits to transparent processing activities. To show our processing activities, we published our product privacy policy for general applications. We also provide all the necessary information about processing activities to our partners when requested.

Purpose limitation

We have a Data Processing Agreement (DPA) with our Partners to define the purpose of processing activities. The DPA defines the duties and responsibilities of the parties. We make sure that our Partners, as data controllers, collect specified, explicit and legitimate consent from their End Users. If the purpose of the data collection changes, our Partners need to inform us of the change, and we amend the DPA according to the new purpose of processing.

Data minimisation

Unless the partners define other purposes, Insider products only collect users’ behavioral data to provide the best personalized user experience. Based on our partners’ needs, we process the data which is defined and collected by the partner. By default, our product collects only behavioral data, in an anonymous way.

Accuracy

Any user data pushed by our partners can be easily rectified using our API endpoints to either merge or override data.

Storage limitations

Our platform does not store any user data unnecessarily, unless indicated by our partners. All our data retention and storage policies are clearly defined and available to our partners.

Integrity and confidentiality

Our platform employs all required technical and organizational measures, including pseudonymization of data, to ensure its security and confidentiality.

Consent (Article 7)

Conditions for consent

Unbundled

Active opt-in

Granular

Named

Easy to withdraw

Documented

No imbalance in the relationship

According to Article 7 of the GDPR, freely given, clear consent will be collected by the data controller. In the relationship between Insider and our partners, Insider is the data processor and our partners are the data controllers according to the roles defined under GDPR. Based on these roles, Insider is not responsible for collecting consent from end users to process the data. To help our partners be compliant, we are committed to enabling our partners to collect data responsibly as a controller. For our product features where the controller can collect a User’s personal data, we have provided the ability to add consent checkboxes that are active and explicit.

Data Subject Rights (Article 15 – 23)

Expanded Individuals’ Rights:

access their information;

have inaccuracies corrected;

have information erased;

prevent direct marketing;

prevent automated decision making and profiling;

data portability.

Insider will cooperate with any requests from controllers to access, erase or rectify data of end users through trained personnel servicing these requests. Additionally, our platform provides multiple API endpoints to delete or update data to keep user data accurate.

To ensure that the entire company and its employees are aware of GDPR, we have put continuous training and process measures in place. We have quarterly training programs to ensure employees are enabled to comply with GDPR. In addition, our new employee onboarding includes GDPR awareness and policy coverage. Among several policy documents, Employee Security Rules is one such document that enforces our commitment to data processing regulations.

Data Breach (Article 33 – 34)

Responding to Data breaches and incidents

We fully commit to continuing to notify our customers and partners of any data incidents in line with our current terms of service and privacy agreements. We will keep investing in threat detection and avoidance technologies, and our round-the-clock incident management program to help you respond to security or privacy events. We prepared a detailed Incident Response Plan and built a Security Team to comply with Article 33-34.

Data Protection Officer (Article 37-39)

Appointment of DPO

Our DPO is available to answer any questions regarding data processing and how we’re compliant with core tenets of GDPR such as “consent” and “product compliance”. You can reach our DPO, Balam Bingül (Legal consultant), anytime via dpo@useinsider.com or through the number +905498222235.

All the data we collect is stored in an EU-based Amazon Web Services (AWS) data center in Dublin, Ireland. This data storage center is available to all customers who wish to have their data stored within the territorial scope of the GDPR, and not only our EU customer base.

Data Processing and Transfer

Our technical systems are 100% compliant with the GDPR, and Insider’s cloud-based AWS servers are in the EU. To regulate the cloud server system, the EU Commission’s Standard Contractual Clauses have been added to our example Data Processing Addendum.